Introduction

Welcome to Bugzilla 3.0! It's been over eight years since
we released Bugzilla 2.0, and everything has changed since
then. Even just since our previous release, Bugzilla 2.22,
we've added a lot of new features. So enjoy the release, we're
happy to bring it to you.

This section describes what's changed in the most recent bug-fix
releases of Bugzilla after 3.0. We only list the
most important fixes in each release. If you want a detailed list of
everything that's changed in each version, you should use our
Change Log Page.

3.0.3

mod_perl no longer compiles Bugzilla's code for each Apache
process individually. It now compiles code only once and shares it among
all Apache processes. This greatly improves performance and significantly
reduces the memory footprint.
(Bug 398241)

You can now search for '---' (without quotes) in versions and milestones.
(Bug 362436)

Bugzilla should no longer break lines unnecessarily in
email subjects. This was causing trouble with some email clients.
(Bug 374424)

If you had selected the "I'm added to or removed from this capacity" option
for the "CC" role in your email preferences, you wouldn't get mail when
more than one person was added to the CC list at once.
(Bug 394796)

Deleting a user account no longer deletes whines from another user who
has the deleted account as addressee. The schedule is simply removed,
but the whine itself is left intact.
(Bug 395924)

Bugzilla no longer requires Apache::DBI to run under
mod_perl. It caused problems such as lost database connections and
did not provide any significant performance gain.
(Bug 408766)

3.0.2

Bugzilla should now work on Perl 5.9.5 (and thus the
upcoming Perl 5.10.0).
(Bug 390442)

See also the Security Advisory section for
information about an important security issue fixed in this release.

3.0.1

For users of Firefox 2, the show_bug.cgi user interface
should no longer "collapse" after you modify a bug.
(Bug 370739)

If you can bless a group, and you share a saved search with that
group, it will no longer automatically appear in all of that group's
footers unless you specifically request that it automatically appear
in their footers.
(Bug 365890)

There is now a parameter to allow users to perform searches without
any search terms. (In other words, to search for just a Product
and Status on the Simple Search page.) The parameter is called
specific_search_allow_empty_words.
(Bug 385910)

If you attach a file that has a MIME-type of text/x-patch
or text/x-diff, it will automatically be treated as a
patch by Bugzilla.
(Bug 365756)

Dependency Graphs now work correctly on all mod_perl installations.
There should now be no remaining significant problems with running
Bugzilla under mod_perl.
(Bug 370398)

If moving a bug between products would remove groups
from the bug, you are now warned.
(Bug 303183)

On IIS, whenever Bugzilla threw a warning, it would
actually appear on the web page. Now warnings are suppressed,
unless you have a file in the data directory called
errorlog, in which case warnings will be printed there.
(Bug 390148)

If you used email_in.pl to edit a bug that was
protected by groups, all of the groups would be cleared.
(Bug 385453)

PostgreSQL users: New Charts were failing to collect data over time.
They will now start collecting data correctly.
(Bug 257351)

Instead of throwing real errors, collectstats.pl would
just say that it couldn't find ThrowUserError.
(Bug 380709)

Logging into Bugzilla from the home page works again
with IIS5.
(Bug 364008)

If you were using SMTP for sending email, sometimes emails would
be missing the Date header.
(Bug 304999)

In the XML-RPC WebService, Bug.legal_values now
correctly returns values for custom fields if you request values
for custom fields.
(Bug 381737)

The "Bug-Writing Guidelines" page has been shortened
and re-written.
(Bug 378590)

If your urlbase parameter included a port number,
like www.domain.com:8080, SMTP might have failed.
(Bug 384501)

For SMTP users, there is a new parameter, smtp_debug.
Turning on this parameter will log the full information about
every SMTP session to your web server's error log, to help with
debugging issues with SMTP.
(Bug 384497)

If you are a "global watcher" (you get all mails from every bug), you can now see that in your Email Preferences.
(Bug 365302)

The Status and Resolution of bugs are now correctly
localized in CSV search results.
(Bug 389517)

The "Subject" line of an email was being mangled if it contained
non-Latin characters.
(Bug 387860)

Custom Fields

Users in the admin group can add plain-text or drop-down
custom fields. You can edit the values available for drop-down fields
using the "Field Values" control panel.

Don't add too many custom fields! It can make Bugzilla
very difficult to use. Try your best to get along with the default
fields, and then if you find that you can't live without custom fields
after a few weeks of using Bugzilla, only then should you
start your custom fields.

If you want to enable mod_perl for your Bugzilla, we recommend
a minimum of 1.5GB of RAM, and for a site with heavy traffic, 4GB to 8GB.

If performance isn't that critical on your installation, you don't
have the memory, or you are running some other web server than
Apache, Bugzilla still runs perfectly as a normal CGI
application, as well.

Shared Saved Searches

Users can now choose to "share" their saved searches
with a certain group. That group will then be able to
"subscribe" to those searches, and have them appear
in their footer.

If the sharer can "bless" the group he's sharing to,
(that is, if he can add users to that group), it's considered
that he's a manager of that group, and his queries show up
automatically in that group's footer (although they can
unsubscribe from any particular search, if they want.)

In order to allow a user to share their queries, they also
have to be a member of the group specified in the
querysharegroup parameter.

Users can control their shared and subscribed queries from
the "Preferences" screen.

Attachments and Flags on New Bugs

You can now add an attachment while you are filing a new bug.

You can also set flags on the bug and on attachments, while
filing a new bug.

Custom Resolutions

You can now customize the list of resolutions available
in Bugzilla, including renaming the default resolutions.

The resolutions FIXED, DUPLICATE
and MOVED have a special meaning to Bugzilla,
though, and cannot be renamed or deleted.

Per-Product Permissions

You can now grant users editbugs and canconfirm
for only certain products. You can also grant users editcomponents
on a product, which means they will be able to edit that product
including adding/removing components and other product-specific
controls.

User Interface Improvements

There has been some work on the user interface for Bugzilla 3.0,
including:

There is now navigation and a search box at the top of
each page, in addition to the bar at the bottom of the page.

A re-designed "Format for Printing" page for bugs.

The layout of show_bug.cgi (the bug editing
page) has been changed, and the attachment table has been redesigned.

XML-RPC Interface

Bugzilla now has a Web Services interface using the XML-RPC
protocol. It can be accessed by external applications by going
to the xmlrpc.cgi on your installation.

Documentation can be found in the
Bugzilla
API Docs, in the various Bugzilla::WebService modules.

Skins

Bugzilla can have multiple "skins" installed,
and users can pick between them. To write a skin, you just have to
write several CSS files. See the Custom
Skins Documentation for more details.

We currently don't have any alternate skins shipping with Bugzilla. If you write an alternate skin, please
let us know!

Unchangeable Fields Appear Unchangeable

As long as you are logged in, when viewing a bug, if you
cannot change a field, it will not look like you can change it. That
is, the value will just appear as plain text.

All Emails in Templates

All outbound emails are now controlled by the templating system.
What used to be the passwordmail, whinemail,
newchangedmail and voteremovedmail
parameters are now all templates in the template/ directory.

This means that it's now much easier to customize your outbound
emails, and it's also possible for localizers to have more
localized emails as part of their language packs, if they want.

We also added a mailfrom parameter to let you set
who shows up in the From field on all emails that
Bugzilla sends.

No More Double-Filed Bugs

Users of Bugzilla will sometimes accidentally submit a bug twice, either by going back in their web browser,
or just by refreshing a page. In the past, this could file the same bug twice (or even three times) in a row, irritating
developers and confusing users.

Now, if you try to submit a bug twice from the same screen
(by going back or by refreshing the page), Bugzilla will warn
you about what you're doing, before it actually submits the duplicate
bug.

Default CC List for Components

You can specify a list of users who will always be added to
the CC list of new bugs in a component.

File/Modify Bugs By Email

You can now file or modify bugs via email. Previous versions
of Bugzilla included this feature only as an
unsupported add-on, but it is now an official interface to
Bugzilla.

Users Who Get All Bug Notifications

There is now a parameter called globalwatchers. This
is a comma-separated list of Bugzilla users who will
get all bug notifications generated by Bugzilla.

Group controls still apply, though, so users who can't see a bug
still won't get notifications about that bug.

Improved UTF-8 Support

Bugzilla users running MySQL should now have excellent
UTF-8 support if they turn on the utf8 parameter. (New
installs have this parameter on by default.) Bugzilla
now correctly supports searching and sorting in non-English languages,
including multi-byte languages such as Chinese.

Automatic Update Notification

If you belong to the admin group, you will be notified
when you log in if there is a new release of Bugzilla
available to download.

You can control these notifications by changing the
upgrade_notification parameter.

If your Bugzilla installation is on a machine that needs to go
through a proxy to access the web, you may also have to set the
proxy_url parameter.

Welcome Page for New Installs

When you log in for the first time on a brand-new Bugzilla
installation, you will be presented with a page that describes
where you should go from here, and what parameters you should set.

QuickSearch Plugin for IE7 and Firefox 2

Firefox 2 users and Internet Explorer 7 users will be presented
with the option to add Bugzilla to their search bar.
This uses the
QuickSearch syntax.

Other Enhancements and Changes

These are either minor enhancements, or enhancements that have
very short descriptions. Some of these are very useful, though!

Enhancements That Affect Bugzilla Users

In comments, quoted text (lines that start with >)
will be a different color from normal text.

There is now a user preference that will add you to the CC list
of any bug you modify. Note that it's on
by default.

Bugs can now be filed with an initial state of
ASSIGNED, if you are in the editbugs group.

By default, comment fields will zoom large when you are typing in them,
and become small when you move out of them. You can disable this
in your user preferences.

You can hide obsolete attachments on a bug by clicking
"Hide Obsolete" at the bottom of the attachment table.

If a bug has flags set, and you move it to a different
product that has flags with the same name, the flags will be
preserved.

You now can't request a flag to be set by somebody who can't set it
(Bugzilla will throw an error if you try).

Many new headers have been added to outbound Bugzilla
bug emails: X-Bugzilla-Status,
X-Bugzilla-Priority, X-Bugzilla-Assigned-To,
X-Bugzilla-Target-Milestone,
X-Bugzilla-Changed-Fields, and X-Bugzilla-Who.
You can look at an email to get an idea of what they contain.

In addition to the old X-Bugzilla-Reason email header
which tells you why you got an email, if you got an email because
you were watching somebody, there is now an
X-Bugzilla-Watch-Reason header that tells you who you
were watching and what role they had.

If you hover your mouse over a full URL (like
http://bugs.mycompany.com/show_bug.cgi?id=1212) that
links to a bug, you will see the title of the
bug. Of course, this only works for bugs in your
Bugzilla installation.

If your installation has user watching enabled, you will now see
the users that you can remove from your watch-list as a multi-select
box, much like the current CC list. (Previously it was just a text
box.)

When a user creates their own account in Bugzilla, the
account is now not actually created until they verify their email
address by clicking on a link that is emailed to them.

You can change a bug's resolution without reopening it.

When you view the dependency tree on a bug, resolved
bugs will be hidden by default. (In previous versions,
resolved bugs were shown by default.)

When viewing bug activity, fields that hold bug
numbers (such as "Blocks") will have the bug numbers
displayed as links to those bugs.

When viewing the "Keywords" field in a bug list,
it will be sorted alphabetically, so you can sanely sort a list on
that field.

In most places, the Version field is now sorted using a version-sort
(so 1.10 is greater than 1.2) instead of an alphabetical sort.

Options for flags will only appear if you can set them. So, for
example, if you can't grant + on a flag, that option
won't appear for you.

You can limit the product-related output of config.cgi
by specifying a product= URL argument, containing the name
of a product. You can specify the argument more than once for multiple
products.

You can now search the boolean charts on whether or not a comment
is private.

Enhancements For Administrators

Administrators can now delete attachments, making them disappear
entirely from Bugzilla.

sanitycheck.cgi can now only be accessed by users
in the editcomponents group.

The "Field Values" control panel can now only be accessed
by users in the admin group. (Previously it was accessible
to anybody in the editcomponents group.)

There is a new parameter announcehtml, that will allow
you to enter some HTML that will be displayed at the top of every
page, as an announcement.

The loginnetmask parameter now defaults to 0 for new
installations, meaning that as long as somebody has the right
login cookie, they can log in from any IP address. This makes
life a lot easier for dial-up users or other users whose IP
changes a lot. This could be done because the login cookie is now
very random, and thus secure.

Classifications now have sortkeys, so they can be sorted in an
order that isn't alphabetical.

Authentication now supports LDAP over SSL (LDAPS) or TLS (using
the STARTTLS command) in addition to plain LDAP.

LDAP users can have their LDAP username be their email address,
instead of having the LDAP mail attribute be their
email address. You may wish to set the emailsuffix
parameter if you do this.

Administrators can now see what has changed in a user account,
when using the "Users" control panel.

REMIND and LATER are no longer part
of the default list of resolutions. Upgrading installations will
not be affected--they will still have these resolutions.

editbugs is now the default for the timetrackinggroup
parameter, meaning that time-tracking will be on by default in a new
installation.

Outstanding Issues

Bug 69621: If you rename or remove a keyword that is
in use on bugs, you will need to rebuild the "keyword cache"
by running sanitycheck.cgi and choosing
the option to rebuild the cache when it asks. Otherwise keywords may
not show up properly in search results.

Bug 99215: Flags are not protected by "mid-air
collision" detection. Nor are any attachment changes.

Bug 89822: When changing multiple bugs at
the same time, there is no "mid-air collision" protection.

Bug 276230: The support for restricting access to
particular Categories of New Charts is not complete. You should treat
the 'chartgroup' Param as the only access mechanism available.
However, charts migrated from Old Charts will be restricted to
the groups that are marked MANDATORY for the corresponding Product.
There is currently no way to change this restriction, and the
groupings will not be updated if the group configuration
for the Product changes.

Bug 370370: mod_perl support is currently not
working on Windows machines.

Bug 361149: If you are using Perl 5.8.0, you may
get a lot of warnings in your Apache error_log about "deprecated
pseudo-hashes." These are harmless--they are a bug in
Perl 5.8.0. Perl 5.8.1 and later do not have this problem.

Bugzilla 3.0rc1 allowed custom field column names in
the database to be mixed-case. Bugzilla 3.0 only allows
lowercase column names. It will fix any column names that you have
made mixed-case, but if you have custom fields that previously were
mixed-case in any Saved Search, you will have to re-create that Saved
Search yourself.

Security Updates in This Release

3.0.3

No security fixes in this release.

3.0.2

Bugzilla 3.0.1 had an important security fix that is
critical for public installations with "requirelogin" turned on.
For details, see the
Security Advisory.

3.0.1

Bugzilla 3.0 had three security issues that have been
fixed in this release: one minor information leak, one hole only
exploitable by an admin or using email_in.pl, and one in an
uncommonly-used template. For details, see the
Security Advisory.

How to Upgrade From An Older Version

Notes For Upgraders

If you upgrade by CVS, there are several .cvsignore files
that are now in CVS instead of being locally created by
checksetup.pl. This means that you will have to
delete those files when CVS tells you there's a conflict, and
then run cvs update again.

In this version of Bugzilla, the Summary field
is now limited to 255 characters. When you upgrade, any Summary
longer than that will be truncated, and the old summary will be
preserved in a comment.

If you have the utf8 parameter turned on, at some
point you will have to convert your database. checksetup.pl
will tell you when this is, and it will give you certain instructions
at that time, that you have to follow before you can complete
the upgrade. Don't do the conversion yourself manually--follow
the instructions of checksetup.pl.

If you ever ran 2.23.3, 2.23.4, or 3.0rc1, you will have to run
./collectstats.pl --regenerate at the command line, because
the data for your Old Charts is corrupted. This can take several days,
so you may only want to run it if you use Old Charts.

You should also read the Outstanding Issues sections of
older release notes if you are upgrading
from a version lower than 2.22.

Steps For Upgrading

View the Sanity Check page on your
installation before upgrading. Attempt to fix all warnings that
the page produces before you go any further, or you may experience
problems during your upgrade.

Make a backup of the Bugzilla database before you upgrade,
perhaps by using mysqldump. THIS IS VERY
IMPORTANT. If anything goes wrong during the upgrade, your
installation can be corrupted beyond recovery. Having a backup keeps you
safe.

Example: mysqldump -u root -p bugs > bugs-db.sql

Replace the files in your installation with the new version of Bugzilla, or you can try to use CVS to upgrade.

You can also use a brand-new Bugzilla directory, as long
as you copy over the old data/ directory and the
localconfig file to the new installation.

It is recommended that, if possible, you fix any problems you find
immediately. Failure to do this may mean that Bugzilla will
not work correctly. Be aware that if the sanity check page contains more
errors after an upgrade, it doesn't necessarily mean there are more
errors in your database than there were before, as additional tests
are added to the sanity check over time, and it is possible that those
errors weren't being checked for in the old version.

Packagers: Location Variables Have Moved

In previous versions of Bugzilla, Bugzilla::Config
held all the paths for different things, such as the path to localconfig
and the path to the data/ directory.

Now, all of this data is stored in a subroutine,
Bugzilla::Constants::bz_locations.

Also, note that for mod_perl, bz_locations must return
absolute (not relative) paths. There is already code in that
subroutine to help you with this.

Hooks!

Bugzilla now supports a code hook mechanism. See the
documentation for
Bugzilla::Hook
for more details.

This gives Bugzilla very advanced plugin support. You can
hook templates, hook code, add new parameters, and use the XML-RPC
interface. So we'd like to see some Bugzilla plugins
written! Let us know on the developers@bugzilla.org
mailing list if you write a plugin.

API Documentation

Bugzilla now ships with all of its perldoc built
as HTML. Go ahead and read the
API Documentation
for all of the Bugzilla modules now! Even scripts like
checksetup.pl have HTML documentation.

Elimination of globals.pl

The old file globals.pl has been eliminated.
Its code is now in various modules. Each function went to the module
that was appropriate for it.

Usually we filed a bug in
bugzilla.mozilla.org for
each function we moved. You can search there for the old name of
the function, and that should get you the information about what
it's called now and where it lives.

Cleaned Up Variable Scoping Issues

In normal perl, you can have code like this:

my $var = 0;
sub y { $var++ }

However, under mod_perl that doesn't work. So variables are no
longer "shared" with subroutines--instead all variables
that a subroutine needs must be declared inside the subroutine itself.
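
The failure described above, reproduced outside mod_perl as an added example (not code from Bugzilla). It assumes the script body is compiled into one sub that runs once per request, which is how mod_perl's registry-style handlers load CGI scripts; request_broken, request_fixed, bump and bump_fixed are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a registry-style loader: the whole CGI script body
# is compiled once into a single sub, and that sub is called for every request.
# The script's file-level "my" variable and its named sub end up nested in it.
# (The sub is called bump rather than y, because y is also Perl's
# transliteration operator and cannot be called as y().)
sub request_broken {
    my $count = 0;            # a fresh lexical on every call
    sub bump { $count++ }     # named sub: bound at compile time to the first $count
    bump() for 1 .. 3;
    return $count;            # only the first call shares $count with bump
}

# Corrected shape: the sub receives what it needs as an argument and keeps
# its own lexicals, so nothing is carried over from an earlier request.
sub bump_fixed {
    my ($n) = @_;
    return $n + 1;
}

sub request_fixed {
    my $count = 0;
    $count = bump_fixed($count) for 1 .. 3;
    return $count;
}

# Three requests served by the same long-lived interpreter.
for my $request (1 .. 3) {
    printf "request %d: broken=%d fixed=%d\n",
        $request, request_broken(), request_fixed();
}
```

With warnings enabled, perl reports the nested sub at compile time as 'Variable "$count" will not stay shared', which is a quick way to find remaining instances of this pattern in custom code.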

No More SendSQL

The old SendSQL function and all of its companions are
gone. Instead, we now use DBI for all database
interaction.

Auth Re-write

The Bugzilla::Auth family of modules has been completely
re-written. For details on the new structure of authentication,
read the
Bugzilla::Auth
API docs.

It should be very easy to write new authentication plugins, now.

Bugzilla::Object

There is a new base class for most of our objects,
Bugzilla::Object.
It makes it really easy to create new objects based on things that are
in the database.

Bugzilla->request_cache

Bugzilla.pm used to cache things like the database
connection in package-global variables (like $_dbh).
That doesn't work in mod_perl, so instead now there's a hash
that can be accessed through Bugzilla->request_cache
to store things for the rest of the current page request.

You shouldn't access Bugzilla->request_cache directly,
but you should use it inside of Bugzilla.pm if you modify
that. The only time you should be accessing it directly is if you need
to reset one of the caches. Hash keys are always named after the function
that they cache, so to reset the template object, you'd do:
delete Bugzilla->request_cache->{template};.
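
Why a package-global cache is a problem in a persistent interpreter, and how a per-request hash avoids it, as an added example (not Bugzilla's own code). MyApp, its methods, the cleanup hook and the session table are all hypothetical and constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package MyApp;    # hypothetical application class, not Bugzilla.pm

# Constructed session table: login cookie => account.
our %SESSIONS = (c1 => 'alice@example.com', c2 => 'bob@example.com');

our $_user;                  # old style: package-global cache
our $_request_cache = {};    # new style: one hash holding all per-request state

sub request_cache { return $_request_cache }

# Hypothetical end-of-request hook: drop everything cached for this request.
sub cleanup { $_request_cache = {} }

# Old style. In a persistent interpreter $_user survives into the next
# request, so a later request can be answered with an earlier request's user.
sub user_global {
    my ($class, $cookie) = @_;
    $_user ||= $SESSIONS{$cookie};
    return $_user;
}

# New style. The hash key is named after the function that fills it.
sub user {
    my ($class, $cookie) = @_;
    my $cache = $class->request_cache;
    $cache->{user} ||= $SESSIONS{$cookie};
    return $cache->{user};
}

package main;

# Two requests with different cookies, served by the same long-lived process.
for my $cookie (qw(c1 c2)) {
    printf "cookie=%s  global cache: %-18s request cache: %s\n",
        $cookie, MyApp->user_global($cookie), MyApp->user($cookie);
    MyApp->cleanup;    # runs once the response has been sent
}

# Resetting a single cached value mid-request, using the key naming rule.
MyApp->user('c1');
delete MyApp->request_cache->{user};
print "after reset: ", MyApp->user('c2'), "\n";
```

When auditing customizations for mod_perl, any `our` or file-level variable that holds a user, a database handle or a template object is a candidate for this kind of carry-over between requests.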